CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score
Confidence: High

EPSS
Percentile: 68.0%
Paramiko versions 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, and 1.17.6 contain an Incorrect Access Control vulnerability in the SSH server that can result in RCE. This attack appears to be exploitable via network connectivity.
Vendor | Product | Version | CPE |
---|---|---|---|
paramiko | paramiko | 1.17.6 | cpe:2.3:a:paramiko:paramiko:1.17.6:*:*:*:*:*:*:* |
paramiko | paramiko | 1.18.5 | cpe:2.3:a:paramiko:paramiko:1.18.5:*:*:*:*:*:*:* |
paramiko | paramiko | 2.0.8 | cpe:2.3:a:paramiko:paramiko:2.0.8:*:*:*:*:*:*:* |
paramiko | paramiko | 2.1.5 | cpe:2.3:a:paramiko:paramiko:2.1.5:*:*:*:*:*:*:* |
paramiko | paramiko | 2.2.3 | cpe:2.3:a:paramiko:paramiko:2.2.3:*:*:*:*:*:*:* |
paramiko | paramiko | 2.3.2 | cpe:2.3:a:paramiko:paramiko:2.3.2:*:*:*:*:*:*:* |
paramiko | paramiko | 2.4.1 | cpe:2.3:a:paramiko:paramiko:2.4.1:*:*:*:*:*:*:* |
redhat | ansible_tower | 3.3 | cpe:2.3:a:redhat:ansible_tower:3.3:*:*:*:*:*:*:* |
redhat | virtualization_host | 4.0 | cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:* |
redhat | enterprise_linux_desktop | 6.0 | cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* |
access.redhat.com/errata/RHBA-2018:3497
access.redhat.com/errata/RHSA-2018:3347
access.redhat.com/errata/RHSA-2018:3406
access.redhat.com/errata/RHSA-2018:3505
github.com/paramiko/paramiko/issues/1283
herolab.usd.de/wp-content/uploads/sites/4/usd20180023.txt
lists.debian.org/debian-lts-announce/2018/10/msg00018.html
lists.debian.org/debian-lts-announce/2021/12/msg00025.html
usn.ubuntu.com/3796-1/
usn.ubuntu.com/3796-2/
usn.ubuntu.com/3796-3/